Privacy Notice

Version: 1.0

Last revised: May 27, 2024

Introduction

This Privacy Notice aims to provide you with a clear overview of the Personal Data we collect when you use our website (https://www.createch-lab.com/), including its mobile versions and our social media profiles (collectively, the “Website”), the purposes for collecting it, how we process this data, the recipients with whom we share your Personal Data, your rights concerning the collection, processing, and sharing of this data, and any other relevant information pertaining to the privacy and security of your Personal Data.

It is important to note that this Privacy Notice does not apply to Personal Data processed during recruitment or for our employees and contractors, as these are governed by separate privacy notices provided to the individuals accordingly.

We are committed to protecting your privacy and handling your Personal Data in an open and transparent manner and in accordance with the European Regulation 2016/679 and the relevant data protection legislation which is applicable in the Republic of Poland.

Definitions

For your convenience and comprehension, the terms commonly used in this Privacy Notice are defined below:

Term Definition

Data Controller A party that determines the purposes and means of processing Personal Data.

EEA The European Economic Area, which includes European Union (“EU”) member states, Iceland, Liechtenstein, and Norway.

Personal Data Any information that can identify an individual.

Services Any services, solutions, and offerings provided by us, as described on the Website.

UK The United Kingdom of Great Britain and Northern Ireland.

Who We Are

We are part of the Creative Tech Lab group, which includes parent entities, holding companies, affiliates, subsidiaries, and business units. Any of these entities may access Personal Data as necessary to fulfill their respective roles and responsibilities within the group.

Data Controller: Creative Tech Lab sp. z o.o.

Registration number: 528157572

Address: Jana Dantyszka 18, 02-054, Warszawa, Poland

Email: privacy@createch-lab.com

Our Data Protection Officer

For questions regarding this Privacy Notice or for more details on how we process your Personal Data, reach out to our Data Protection Officer (DPO):

Address: Jana Dantyszka 18, 02-054, Warszawa, Poland

Email: privacy@createch-lab.com

How We Collect Personal Data

We collect Personal Data directly from you through various communication channels, including forms on the Website, mail, phone, email, chat, and participation in events. Additionally, we collect technical data and statistics from your interactions with our Website. We may obtain information from third parties or public sources such as Linkedin to supplement our records.

While providing Personal Data is not mandatory, please be aware that failing to do so may prevent us from fulfilling your requests, such as entering into contracts or providing certain Services to you. Your cooperation in providing accurate and complete Personal Data enables us to serve you more effectively and efficiently.

What Personal Data We Process

We may process the following categories of Personal Data about you:

Personal Data Category Information

Identity and Contact Information Includes your name, job title, phone number, email address, and

messenger details.

Communication Information from your communications with us through chats, emails,

calls, or our official social media profiles.

Business Data Details about your company, legal status, industry sector, and your

interests in specific Services.

Technical Data Information about your device, including hardware and software details,

collected when you access our Website.

Statistics Data on how you interact with our Website, which may include your

preferences and device details. For more information about cookies and

other tracking technologies, please refer to our Cookie Notice on our

Website.

Why We Need Personal Data

We need your Personal Data for the following purposes, along with their related lawful bases:

1.1 Purpose of Processing

We need your Personal Data to provide information about our Services upon your request and manage our relationship with you and fulfill our contractual obligations.

Personal Data processed:

Identity and Contact Information;
Communication;
Business Data.

1.2 Lawful Basis

Contract

Legitimate interests (e.g., responding to your questions and other communication, developing our business)

2.1 Purpose of Processing

We need your Personal Data to make suggestions and recommendations about Services that may interest you.
Personal Data processed:

Identity and Contact Information;
Communication;
Business Data;
Statistics.

2.2 Lawful Basis

Legitimate interests (e.g., to promote our Services)

3.1 Purpose of Processing

We need your Personal Data to detect and prevent fraud and other illegal activities, including undertaking necessary security checks.

Personal Data processed:

Identity and Contact Information;
Business Data.

3.2 Lawful Basis

Legal obligations;
Legitimate interests (e.g., protecting our business and managing risks)

4.1 Purpose of Processing

We need your Personal Data to administer and protect our business and Website.

Personal Data processed:

Identity and Contact Information;
Business Data;
Technical Data.

4.2 Lawful Basis

Legitimate interests (e.g., ensuring security of our infrastructure)

5.1 Purpose of Processing

We need your Personal Data to develop and improve our Website and Services, and to enhance marketing, customer relationships, and experiences.
Personal Data processed:

Communication;
Technical Data;
Statistics.

5.2 Lawful Basis

Legitimate interests (e.g., to improve our Services, update our Website)

6.1 Purpose of Processing

We need your Personal Data for intra-group data sharing with other entities within the Creative Tech Lab group.

Personal Data processed:

Identity and Contact Information;
Communication;
Business Data;
Technical Data;
Statistics.

6.2 Lawful Basis

Legitimate interests (e.g., to ensure seamless business operations)

7.1 Purpose of Processing

We need your Personal Data to contact you with direct marketing communications, in line with your preferences. You can opt out of receiving these communications at any time.

Personal Data processed:

Identity and Contact Information;
Communication.

7.2 Lawful Basis

Consent
Legitimate interests (e.g., notifying you of Services similar to those you previously purchased or negotiated)

When We Share Personal Data

We engage other companies within the Creative Tech Lab group and third-party partners to help in our business operations and Services delivery. Sharing your Personal Data with these entities is crucial for maintaining seamless Services functionality. Furthermore, there may be occasions when we must disclose your Personal Data when required by applicable law or regulation, including disclosures to governmental, regulatory, or enforcement authorities, to safeguard our interests in legal proceedings, or during negotiations or the completion of a takeover, acquisition, merger, or asset sale.

Below is an overview of the recipients with whom we may share your Personal Data and the purposes for such sharing:

1. Service providers

We share Personal Data with the following categories of providers:

Information technology and data storage services: For data storage and to support both internal and external communications;
Marketing and sales service providers: For managing relationships with our partners and clients, communicating with you (e.g., via email), and sending marketing notifications and offers;
Electronic signature services: For the sending and signing of legal documents;
Data analytics providers: To measure and understand our audience, tailor our Services, improve your Website experience;
Audit, legal, and compliance services: For obtaining professional advice from consultants, lawyers, accountants, and other professional service providers.

2. Public authorities

To comply with legal obligations, respond to legal requests, prevent harm, and protect our rights.

3. Group companies

To conduct our business effectively such as ensuring seamless business operations, managing human resources, securing legal, compliance, or financial expertise, meeting regulatory requirements, conducting reporting and overseeing group functions, delivering information system maintenance and data hosting, maintaining business continuity during mergers or acquisitions.

4. Third parties in corporate transactions

To facilitate corporate transactions such as mergers, reorganizations, dissolutions, or sales of the Website or business units. We will make reasonable efforts, as required by applicable laws, to notify you of any transfer of Personal Data in these circumstances.

We take essential steps to ensure that any sharing of your Personal Data with third parties complies with relevant laws and regulations. These steps include data processing agreements that require third parties to follow applicable data protection laws and implement appropriate organizational and technical safeguards.

How We Transfer Personal Data outside the EEA

Some recipients of your Personal Data are located outside the EEA or UK. To maintain data protection standards during these transfers, we use the following international data transfer tools:

1. Adequacy decisions

Issued by the relevant regulators, the adequacy decisions determine if a third country or organization provides adequate data protection. The list of countries recognized for offering sufficient data protection can be found here:

If an adequacy decision is applicable, no other international data transfer tools are required.

2. EU Standard Contractual Clauses (SCCs)

These model clauses govern transfers to countries outside the EEA and UK that lack adequacy decisions. We ensure there is a binding contract in place containing the latest version of the EU Standard Contractual Clauses (SCCs). When necessary, we also supplement the EU Standard Contractual Clauses (SCCs) with the UK’s International Data Transfer Addendum (IDTA).

3. Derogations for specific situations

In the absence of other transfer tools, a transfer of Personal Data to a third country shall take place only under one of the following conditions:

Your explicit consent;
Performance of a contract between you and us or the implementation of pre-contractual measures;
Conclusion or performance of a contract concluded in your interest between us and another natural or legal person;
Public interests;
Establishment, exercise, or defense of legal claims;
Your vital interests or vital interests of another person.

If you want more information on the specific transfer tool we use when transferring your Personal Data, please contact us at privacy@createch-lab.com.

How We Secure Personal Data

We prioritize the security of your Personal Data and are committed to protecting it from unauthorized access, disclosure, alteration, or destruction. To achieve this, we implement a variety of robust security measures, in line with the requirements of the data protection laws, to ensure the confidentiality, integrity, and availability of your Personal Data.

How We Retain Personal Data

We retain your Personal Data only for as long as necessary to fulfill the purposes for which it was collected. For most processing activities, our standard data retention period is three years. When determining the appropriate retention periods, we consider several factors, including our contractual obligations and rights, legal obligations, our legitimate interests (such as protecting our business from potential legal claims), and guidelines issued by relevant data protection authorities. Once the retention period expires, we securely delete or anonymize your Personal Data.

If you want more information on the specific data retention period, please contact us at privacy@createch-lab.com.

Your Data Protection Rights

You have the following rights regarding the Personal Data we process:

1. Right to access

This enables you to receive a copy of the Personal Data we hold about you and to check that we are lawfully processing it.

2. Right to rectification

This enables you to have any inaccurate or incomplete Personal Data we hold about you corrected and completed.

3. Right to erasure

This enables you to ask us to erase your Personal Data (known as the “right to be forgotten”) where there is no good reason for us to continue processing it.

4. Right to restrict

You can request that we restrict the processing of your Personal Data under certain circumstances. We will assess whether we have overriding legitimate grounds to continue using it.

5. Right to object

This enables you to object to the processing of your Personal Data where we are relying on a legitimate interest and there is something about your particular situation that makes you want to object on this ground. If you lodge an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms.

6. Right to portability

You can request that we transfer the Personal Data you provided to us to another organization, or directly to you, under certain conditions.

7. Right to withdraw consent

This enables you to withdraw the consent you gave us for processing your Personal Data at any time. Note that any withdrawal of consent shall not affect the lawfulness of processing based on consent before it was withdrawn or revoked by you.

8. Right to complaint

You can lodge a complaint with the relevant data protection authority, particularly in the country where you habitually reside, work, or believe an infringement has occurred.

If you want to exercise any of your data protection rights, please feel free to email us at privacy@createch-lab.com. Exercising your rights will not result in any charges. Upon receiving your request, we are dedicated to providing a response within a one-month timeframe.

Automated Decision-Making

Your Personal Data is not used in any automated decision-making (a decision made solely by automated means without any human involvement) or profiling (automated processing of Personal Data to evaluate certain conditions about an individual). Nevertheless, according to the law, you have the right to obtain human intervention in the process of automated decision making, to express your point of view and to contest the decision.

How to Contact Us

If you have questions about how we use your Personal Data, you can reach us by writing to:

Address: Jana Dantyszka 18, 02-054, Warszawa, Poland;
Email: privacy@createch-lab.com.

Changes to this Privacy Notice

We reserve the right to update this Privacy Notice at any time, and we will provide you with a new Privacy Notice when we make any substantial changes. We will also notify you in other ways from time to time about the processing of your Personal Data.

Privacy Notice

Home

Services